Adobe Robohelp

Get new posts delivered straight to your inbox.

Subscriber count: 3,505

Stitcher radio

follow us in feedly

Want more tech comm blogs to follow? See my Tech Comm Collection of Blogs on Feedly.

Adobe Robohelp

My WordPress Site Was Hacked

Jun 22, 2008 • general

My site was hacked today. Usually when someone says "my site's been hacked," the first response is, are you sure you didn't screw something up yourself? Yes, I'm sure. Someone twittered that my tinyurl was showing a login page. Actually, for me it showed the install page below:

But I hadn't been upgrading or installing anything. Something was definitely wrong.

I wondered if it was a hacker, so I searched the WordPress forums and found a post indicating a similar experience. Not only did my blog show the install screen rather than content, the wp_options table in the database also needed to be repaired.

I guess I'm used to not freaking out when things are broken. And just last week, I backed up my blog. So I was calm about it. Still, it surprised me that I didn't start hyperventilating or getting even the least bit stressed. Maybe that's a spinoff of having become a technical writer. Oh, it's broken? Let's see what seems to be the matter ....

Anyway, if you have the same hacked symptoms, here's how you fix it:

  1. Enter your web host's cPanel, click the MySQL database button, select the database for your blog, and then click the Repair Database button. This should fix the wp_options table and allow your site's content to reappear, rather than the install screen.
  2. Log in to your site, click the Users tab, and delete any new admin users. I had someone in there with the email mdburke@maine.edu.
  3. Delete the 30+ new "Hello World" and "About" posts.
  4. Change your password to your site and web host to something much stronger.

That's about it. I'm not sure what the hacker's point was. I do have the latest version of WordPress (2.5.1).

As a measure of prevention against future attacks, I installed the Ask Apache Password Protect Plugin, which was recommended in this WordPress Codex article on "Hardening WordPress." Actually, this plugin turned out to be problematic. It locked me out of my admin panel completely. If this happens, just delete the new .htaccess file that appears in your wp-admin folder, and you should be able to log back into your site.

follow us in feedly


Get new posts delivered straight to your inbox.

Subscriber count: 3,505

Powered by ZipRecruiter

About Tom Johnson

Tom Johnson

I'm a technical writer based in the California San Francisco Bay area. Topics I write about on this blog include technical writing, authoring and publishing tools, API documentation, tech comm trends, visual communication, technical writing career advice, information architecture and findability, developer documentation, and more. If you're a professional or aspiring technical writer, be sure to subscribe to email updates using the form above. You can learn more about me here.